Court documents from a drug trial in Kentucky have revealed that the U.S. federal Bureau of Alcohol, Tobacco, Firearms and Explosives nor any other U.S. local, state, or federal law enforcement agency are able to break the hardware encryption on an iPhone 4S device or higher, so they have resorted to asking Apple to do it for them.

In fact, the move is so popular with law enforcement agencies, that Apple has been forced to create a "waiting list" to handle all requests.

In this particular case the agents had to wait at least seven weeks for their request to be handled, and the whole process seems to have taken at least four months.

It is also largely unknown how Apple does it - it is only confirmed that once Apple analysts bypass the passcode, they download the (probably decrypted) contents of the phone to an external memory device and ship it to the law enforcement agency that requested it.

"It's not clear whether that means Apple has created a backdoor for police -- which has been the topic of speculation in the past -- whether the company has custom hardware that's faster at decryption, or whether it simply is more skilled at using the same procedures available to the government," notes Cnet's Declan McCullagh.

But the fact is that if you believe that the data contained in your Apple device is safe from law enforcement's eyes, you are wrong.

According to McCullagh, Google resolves the issue by simply resetting the password on the suspect's Android device and provides the new password to law enforcement.

As a reminder, a recent investigation conducted by US Drug Enforcement Administration agents has also revealed that they were unable to decrypt messages the targets exchanged via Apple's iMessage system. Again, the problem can be sidestepped by getting a court order and demanding Apple to help intercept and decrypt the messages.

Spotlight

35 percent of employees would sell information on company patents, financial records and customer credit card details if the price was right. This illustrates the growing importance for organizations to deploy data loss prevention strategies.

Sun Tzu's writings have been studied throughout the ages by professional militaries and can used to not only answer the question of whether or not we are in a cyberwar, but how one can fight a cyber-battle.

Infosec consultant Paul Moore came up with a working solution to thwart a type of behavioral profiling. The result is a Chrome extension called Keyboard Privacy, which prevents profiling of users by the way they type by randomizing the rate at which characters reach the DOM.

There is still way too much apathy when it comes to data-centric security. Given the sensitive data the OPM was tasked with protecting, it should have had state-of-the-art data protection, but instead it has become the poster child for IT security neglect.